QwikSec

Security Database

CVE

CWE

Training

CVE-2013-1436

Published: Oct 6, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the xmobar window title, as demonstrated using an action tag.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_GENTOO

[oss-security] 20130726 CVE-2013-1436: xmonad-contrib remote command injection

mailing-list

x_refsource_MLIST

http://handra.rampa.sk/dawb/patch?repoPURL=http%3A%2F%2Fcode.haskell.org%2FXMonadContrib&repoPHash=20130708144813-1499c-0c3e284d3523c0694b9423714081761813bc1e89

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.